Session has expired after a few seconds (IFrame no cross domain)
Problem reported by Robert Madrian - 12/16/2021 at 6:15 AM
 after a few seconds opening the viewer and click to download or print the following alert is displayed:

the viewer is opened in an IFrame but no cross domain - I havve set the follwing in startup.cs:
GleamTechWebConfiguration.Current.CookielessSessionMode = CookielessSessionMode.Always;


2 Replies

Reply to Thread
Cem Alacayir Replied
Employee Post
Which browser are you using? Is it Safari? Safari is very sensitive about URLs ahd cookies.

I think this is what happens in your case:
  1. You call/open docviewer.aspx with  HTTP protocol in the URL even though your site was opened in HTTPS

  2. Safari considers your docviewer.aspx iframe/window 3rd party url because of protocol mismatch or different domain and blocks cookies because Safari thinks you are not on the same site anymore.;

  3. DocumentViewer inherits from host page docviewer.aspx and uses HTTP protocol or different domain and thus it’s blocked and throws the error.
It doesn’t matter if you put DocumentViewer in docviewer.aspx, if you put another thing in this page that uses cookies, it will be also blocked because docviewer.aspx iframe/window is blocked.
If you solve the protocol mismatch or different domain problem for your host page docviewer.asp, then you may not even have to use CookielessSessionMode setting.

When you are on HTTPS and if you have links with non-secure HTTP, then even if it’s same domain it may be considered third-party URL.
You should use URLs with a universal protocol as “//valtinho.com/docviewer.aspx”
“//” means use HTTPS if the parent site (the page that hosts the link tag or JS window.open call) was opened with HTTPS and use HTTP if the parent site was opened with HTTP.
So it works for both cases.
So the problem is not about Document Viewer, it does not call any 3rd party URLS internally, and it supports HTTPS which means if the host page is HTTPS it also uses HTTPS urls.
The problem is in calling your docviewer.aspx with wrong protocol (or a different domain than the main one)
Cem Alacayir Replied
Employee Post Marked As Resolution
It turns out that Robert already found the cause of the problem, it's not related to DocumentUltimate, he was using Wangkanai.Detection library and he put services.AddDetection() line related to this library at wrong place, thus this causes session lost in entire ASP.NET Core application.

> Found it after some hours of research:


            // AddDetection (Wangkanai.Detection) have to set before AddSession !!!!
            services.AddSession(options =>
                options.IdleTimeout = TimeSpan.FromMinutes(60);
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
                options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None;
                options.Cookie.HttpOnly = true;
                options.Cookie.IsEssential = true;


Reply to Thread